6.46 million LinkedIn passwords leaked online

Summary:More than 6.4 million LinkedIn passwords have leaked to the Web after an apparent hack. Though some login details are encrypted, all users are advised to change their passwords.

A user on a Russian forum has claimed to have downloaded 6.46 million user hashed passwords from LinkedIn.

It looks as though some of the weaker passwords --- around 300,000 of them --- may have been cracked already. Other users have been seen reaching out to fellow hackers in an apparent bid to seek help in cracking the encryption.

Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses also, though they appear encrypted and unreadable.

One ZDNet reader said they had searched the cache and and found their their password. It has been reported that the passwords were encrypted using the SHA-1 algorithm --- which has been known for its flaws --- but unless a password is weak, it may take a while to decrypt the remaining cache.

LinkedIn has more than 150 million users worldwide. This apparent hack appears to affect less than 5 percent of its user base. It's not clear if any more users are affected outside this figure, but today's events will strike a damaging blow to the 'professional' social network's reputation.

It is advised users change their passwords as a precautionary measure. Having said that, some readers are reporting that the password reset feature is being "overwhelmed" by visitors; naturally, considering the circumstances.

Update 1: LinkedIn said it was "looking into reports of stolen passwords."

Update 2: LinkedIn said it "continues to investigate" but is "unable to confirm that any security breach has occurred."

Update 3: LinkedIn confirmed it has suffered a breach leading to a leaked cache of user account details, but did not explain how the data was accessed. The company has disabled affected accounts and emailed account holders with details of how to reset their password. CNET's Elinor Mills has more.

Related:

Topics: Security

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.